Prosody with authentication against LDAP/ActiveDirectory

I am using

  • Prosody v0.9.1
  • sasl2-bin v2.1.25
  • Debian 8/jessie

You need several packages:

apt-get update ; apt-get install sasl2-bin libsasl2-modules-ldap lua-ldap lua-cyrussasl

and the following configuration files:

/etc/default/saslauthd

START=yes
MECHANISMS='ldap'
MECH_OPTIONS='/etc/saslauthd.conf'

/etc/saslauthd.conf

ldap_servers: ldap://ldap.example.com/
ldap_search_base: ou=foo,dc=example,dc=com

ldap_bind_dn: ldap-user-for-binding
ldap_bind_pw: pw-for-that-user
ldap_use_sasl: no
ldap_start_tls: no
ldap_auth_method: bind

ldap_filter: (sAMAccountName=%u)

/etc/prosody/prosody.cfg.lua

authentication = 'cyrus'
cyrus_service_name = 'xmpp'

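-- if needed, configure SSL properly
ssl = {
        key = 'x';          -- path to the private key (placeholder)
        certificate = 'y';  -- path to the certificate (placeholder)

        -- disable SSLv2/SSLv3, session tickets and TLS compression
        options = { 'no_sslv2', 'no_sslv3' , 'no_ticket', 'no_compression' };
        -- strong ciphers only, sorted by strength, without 3DES suites
        ciphers = 'HIGH:!DSS:!aNULL@STRENGTH:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA';
}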

Add the system user ‘prosody’ to the ‘sasl’ group so that it can reach the saslauthd socket, then restart both services:

adduser prosody sasl ; service saslauthd restart ; service prosody restart

If needed, have a look at /var/log/auth.log for SASL problems, or at the Prosody logs.
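
The /etc/saslauthd.conf above uses ldap:// with ldap_start_tls: no, so the bind password and every user's password reach the directory server unencrypted. As an added example (not part of the original post), this shell function audits such a file for that and two related problems; ldap_tls_check_peer is a saslauthd LDAP option the post does not set, and the finding labels and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky settings in a
# saslauthd LDAP config such as the /etc/saslauthd.conf shown above.

# Print the last value of KEY in a "key: value" file, or DEFAULT if unset.
conf_get() {  # $1=file  $2=key  $3=default
    val=$(sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
          sed 's/[[:space:]]*$//' | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# Assumption: values starting with y/t/1, or "on", count as enabled.
is_on() { case $1 in [yYtT1]*|[oO][nN]) return 0 ;; *) return 1 ;; esac; }

# Print one finding per line; return 1 if anything was found.
audit_saslauthd_conf() {
    conf=$1; rc=0; plain=0
    for uri in $(conf_get "$conf" ldap_servers ldap://localhost/); do
        case $uri in ldap://*) plain=1 ;; esac
    done
    if [ "$plain" -eq 1 ] && ! is_on "$(conf_get "$conf" ldap_start_tls no)"; then
        echo "CLEARTEXT: ldap:// without ldap_start_tls, passwords cross the network unencrypted"
        rc=1
    fi
    if ! is_on "$(conf_get "$conf" ldap_tls_check_peer no)"; then
        echo "NO_PEER_CHECK: ldap_tls_check_peer is off, server certificate is not verified"
        rc=1
    fi
    if grep -q '^[[:space:]]*ldap_bind_pw:' "$conf" &&
       [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "WORLD_READABLE: file holds ldap_bind_pw but is readable by every local user"
        rc=1
    fi
    return $rc
}

# Constructed sample: the settings from the post, written to a temp file.
sample=$(mktemp)
chmod 644 "$sample"
cat > "$sample" <<'EOF'
ldap_servers: ldap://ldap.example.com/
ldap_bind_dn: ldap-user-for-binding
ldap_bind_pw: pw-for-that-user
ldap_start_tls: no
EOF
audit_saslauthd_conf "$sample" || true
rm -f "$sample"
```

On a real host, call audit_saslauthd_conf /etc/saslauthd.conf as root; no output and exit status 0 mean none of the three conditions matched.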

The post Prosody with authentication against LDAP/ActiveDirectory appeared first on nur Bahnhof.
